General
-
Target
6b0076750061fad495215e8e53f74f35_JaffaCakes118
-
Size
31.0MB
-
Sample
240523-p39ceabc27
-
MD5
6b0076750061fad495215e8e53f74f35
-
SHA1
5df5254c2fd1d2c56d6d9e20cbcb74d8d86d1e2c
-
SHA256
d1a7f6714831cd7acffbb4786fb50b875c7a4efce1262df27f7af9ec78ac0e7c
-
SHA512
b6469bc9b679bc710257f46288d022b25a1a3bca7f244b8c8434005e08972192eda7c18e4904e7bea1391ee42398aa974778a3eee5e47679b6a8c4e6cb3af6b0
-
SSDEEP
786432:o7ZJ8x+y9wzFryGPZM8Y1i7YAu2nrTG1VkJjjh2+G3:oF+N1C/7GKHG16hG3
Malware Config
Targets
-
-
Target
6b0076750061fad495215e8e53f74f35_JaffaCakes118
-
Size
31.0MB
-
MD5
6b0076750061fad495215e8e53f74f35
-
SHA1
5df5254c2fd1d2c56d6d9e20cbcb74d8d86d1e2c
-
SHA256
d1a7f6714831cd7acffbb4786fb50b875c7a4efce1262df27f7af9ec78ac0e7c
-
SHA512
b6469bc9b679bc710257f46288d022b25a1a3bca7f244b8c8434005e08972192eda7c18e4904e7bea1391ee42398aa974778a3eee5e47679b6a8c4e6cb3af6b0
-
SSDEEP
786432:o7ZJ8x+y9wzFryGPZM8Y1i7YAu2nrTG1VkJjjh2+G3:oF+N1C/7GKHG16hG3
Score8/10-
Checks if the Android device is rooted.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
-
Requests cell location
Uses Android APIs to to get current cell information.
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Reads information about phone network operator.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
-
-
Target
Letv_Ads.apk
-
Size
256KB
-
MD5
41e24beb356566fa8fed9f58f09a217a
-
SHA1
4c30f6eae27286ae25794721ed88b39617660412
-
SHA256
ee34e666cb4e9f3c0db0ce5f9f2505d661580fcf58f49d401b072bf4cdbcdae1
-
SHA512
d33b092b0f7c09170c3b8e48b49bc768581b3485d9798ae8efe17acee7fae90e2e1ff2df4b00fe42c089a2b59148e0314f7553a74563b11f19d697216458252b
-
SSDEEP
6144:1PsozM/f4qN6OqHvwJTfeGUysitOUpVZ6W0bUcsJ:JzyAwqHoJbsOzZ6fq
Score1/10 -
-
-
Target
bdxadsdk.jar
-
Size
123KB
-
MD5
9401b3cc6e9eb44d98f1a16c3723103b
-
SHA1
949596e2d808d5ed3189983d3a5eaa4787065073
-
SHA256
8e925584239a37fa3c2db9b7ce684247c26a5b3a3788b88bad0f15ef30ec0aad
-
SHA512
d3395c9768a5228a13194788cc7248661c6f782ff4cde024b51b306e62f54fd7ea6a75caf867d56bb0946fec2fe66b113660c54f6fce1f62dd8564e4ce3bafb7
-
SSDEEP
3072:NbabKFk2qwKdLn97ldTAaLeAm5uJ+TawENk53FVlhnujcq+:cD2qlL9LTAa3nMzEmRlhujcq+
Score1/10 -
-
-
Target
gdtadv2.jar
-
Size
149KB
-
MD5
5bbd4987057c6aa8f1992d72206c68a9
-
SHA1
3a2b6dae68dce8239f680c2684c648238bc1bf36
-
SHA256
2a7fea6e019debe6a0b0c8a5bff40a0451133d3f122d3bcb8f28aed615c50539
-
SHA512
ec138779d809f32ffe54998314263546f630fef799bb3cbf61fd494706724a3f756e0b3a5e721765b121a053b56cbe3e39f8edd09c17cae8289d677f9c4b8f73
-
SSDEEP
3072:s9ECghK7Pic1Oy3c/obh2acQZD8+jb1gUKno8+l7kSVi:sig7KijlbhncQ58CCUKolkSM
Score1/10 -
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
2System Checks
2